The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...
Infosecurity-magazine.com

Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Device code social engineering attacks BleepingComputer has learned from multiple sources that threat actors have begun using vishing social engineering attacks that no longer require ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Forbes

Microsoft Authenticator Code Alert—iOS And Android Users Update Now

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
CSOonline

Microsoft secretly stopped actors from snooping on your MFA codes

The issue could allow threat actors to brute force MFA authentication codes for Outlook, Teams, and Azure access with 50% accuracy. Microsoft may have silently fixed a problem with its MFA ...